His conclusions included:
– “It is important as a defender to know what purposes your systems serve, and what they should be doing.”
– have proper outbound as well as inbound filters. “Once attackers compromise a system, they need a way back out in order to maintain control of that system. If you have a strict outbound policy it can do two things that help make defense easier”.
– check your logs!
– SQL injection still works…
– don't overlook the obvious: the winner of the competition hacked in by guessing a password, then placing a visible Python script on the system, named to look like a system file, which none of the Blue teams ever discovered.